web

Brave Web Browser

Over the past few days I’ve been checking out the Brave web browser. I’ve downloaded it onto my mobile devices, desktop and notebook computers. After a day of use, I quickly found myself wanting to make it my default browser of choice. So I did.

What caught my attention about Brave is their messaging that the current web is broken and Brave is on a mission to fix the lack of privacy and reshape support of content creators [1].

Privacy and security with me as the focus is refreshing in a world today where we are surrounded and encamped with corporations and governments wanting to know every personal detail about us.

We’re not in the personal data business.

Some of the interesting built-in features include:

  • Ad blocking
  • Fingerprinting prevention
  • Cookie control
  • HTTPS upgrading
  • Builtin Tor support (beta)

I’m pleased that Brave is open source and available for anyone to review the source code [2]. Many of the current modern popular browsers today are open source at their core; however, their corporate sponsors spin and release a closed version.

An announcement [3] was published a few days ago for enhanced security using built-in support for Tor. Typically, if I wanted to browse the web or research a topic using the Tor network, I had to use a separate standalone Tor browser. It’s refreshing to open a new tab w/Tor support (within Brave) without opening and switching to a second application.

I have found some quirks that I don’t care for.

  • Importing my bookmarks from Safari did not work correctly [4].
  • Bookmark accessibility could be better; I’m fond of Safari and Firefox making the bookmarks accessible as a left-side panel either temporarily or on-demand.

The new Brave browser blocks the ads and trackers that slow you down, chew up your bandwidth, and invade your privacy. Brave even lets you contribute to your favorite creators automatically.

I’m still kicking the tires on Brave, but for the moment Brave has won me over.

It is available to the usual suspects, Windows, macOS, Linux, iOS and Android.

https://brave.com

  1. https://brave.com/publishers/
  2. https://github.com/brave
  3. https://brave.com/tor-tabs-beta/
  4. Alternatively, importing from an html file did work fine.

Can a good offense provide a good defense?

Yesterday I had the pleasure of attending a webinar on Juniper’s Mykonos product.  This was my first exposure to anything related to Mykonos.  At first glance it would be easy to mistakenly classify Mykonos as a Web Application Firewall (WAF) but it is not exactly a WAF.

The acquisition of Mykonos Software by Juniper was announced in February of this year.  According to the announcement, Mykonos Software comprised 14 employees with offices in San Francisco, New York City, and Rochester, New York.

The primary definition of Mykonos is “Web Intrusion Deception System”.  It does the same things as a WAF does, but adds enhancements to those functions AND it introduces deception techniques.

The idea behind the deception approach is not only to protect the web application but also impact the economics behind the attacker.  As it was discussed in the webinar, there are economics behind cracking into computer systems and believe it or not, there is an investment cost associated with conducting this activity.  The return on investment is the black market value for successful exploits.

Given the deception factor that Mykonos brings to the security tool bag, it raises the question, is a good offense a good defense?  I think so in my view.  It’s another layered security method.

Gartner is cited as the source for, “70% of threats are at the Web application layer.” While I have not directly read anything from Gartner on the matter, they are cited as the source here.

Mykonos highlights the following features:

  • Meets PCI Compliance 6.6
  • Detection Technology is code-level tar traps and signatures
  • Tracking Technique is client-level (not solely IP based)
  • Deceptive Responses

Mykonos claims no false positives, which should be an eyebrow raiser.  By default I’m sure this claim will stir conversation.
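
To make the tar-trap and client-level tracking ideas from the feature list concrete, here is a generic sketch, added as an example and not Mykonos code: a hidden form field that a normal browser echoes back unchanged is planted per client, and a client that alters it is flagged by its tracking cookie rather than its IP. The field name, the "cid" cookie, and the request dictionaries are assumptions made for the illustration.

```python
import hashlib
import hmac
import secrets

# All names here (TRAP_FIELD, the "cid" cookie, the request layout) are
# assumptions for this illustration, not Mykonos identifiers.
SECRET = secrets.token_bytes(32)
TRAP_FIELD = "debug_mode"


def trap_value(client_id: str) -> str:
    """Per-client honeytoken: the HMAC binds the trap to the tracking cookie."""
    return hmac.new(SECRET, client_id.encode(), hashlib.sha256).hexdigest()[:16]


def inject_trap(html: str, client_id: str) -> str:
    """Plant a hidden field in each form before the page leaves the proxy."""
    field = f'<input type="hidden" name="{TRAP_FIELD}" value="{trap_value(client_id)}">'
    return html.replace("</form>", field + "</form>")


def inspect(request: dict, flagged: set) -> str:
    """Return 'allow', 'flag' (trap tripped now) or 'deceive' (known offender)."""
    cid = request["cookies"].get("cid", "")
    if not cid:
        return "flag"  # no tracking cookie: nothing to bind the trap to
    if cid in flagged:
        return "deceive"  # keyed on the client token, so a new IP changes nothing
    submitted = request["form"].get(TRAP_FIELD)
    expected = trap_value(cid).encode()
    if submitted is None or not hmac.compare_digest(submitted.encode(), expected):
        flagged.add(cid)
        return "flag"
    return "allow"


def demo() -> list:
    """Constructed requests: honest post, tampered post, same client from a new IP."""
    flagged = set()
    good = {"ip": "198.51.100.7", "cookies": {"cid": "c-alice"},
            "form": {"q": "shoes", TRAP_FIELD: trap_value("c-alice")}}
    tampered = {"ip": "203.0.113.9", "cookies": {"cid": "c-mallory"},
                "form": {"q": "shoes", TRAP_FIELD: "true"}}
    moved = {"ip": "192.0.2.44", "cookies": {"cid": "c-mallory"},
             "form": {"q": "hats", TRAP_FIELD: trap_value("c-mallory")}}
    return [inspect(r, flagged) for r in (good, tampered, moved)]
```

The trap only fires on input that a user of the unmodified page never produces, which is the property a low false-positive claim would rest on.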

The jump page for Juniper’s Mykonos is here:
http://www.juniper.net/us/en/products-services/security/software/

After you land there and click on the link “Mykonos” you will be taken here:
http://www.mykonossoftware.com/